chore(worflows): configure for npm trusted publishers

Author: OS-jacobbell

.github/workflows/actions/publish-npm/action.yml

@@ -10,13 +10,9 @@ inputs:
   folder:
     default: './'
     description: 'A folder containing a package.json file.'
-  token:
-    description: 'The NPM authentication token required to publish.'
-
   createRelease:
     description: 'Create a release on GitHub.'
     default: 'false'
-
   ghToken:
     description: 'The GitHub authentication token required to create a release.'
 
@@ -49,12 +45,6 @@ runs:
       run: npm run build
       shell: bash
       working-directory: ${{ inputs.working-directory }}
-    - name: Prepare NPM Token
-      run: echo //registry.npmjs.org/:_authToken=${NPM_TOKEN} > .npmrc
-      working-directory: ${{ inputs.working-directory }}
-      shell: bash
-      env:
-        NPM_TOKEN: ${{ inputs.token }}
     - name: Publish to NPM
       run: npm publish ${{ inputs.folder }} --tag ${{ inputs.tag }} --provenance
       shell: bash

.github/workflows/dev-release.yml

@@ -33,7 +33,6 @@ jobs:
           tag: dev
           version: ${{ needs.create-dev-hash.outputs.dev-hash }}
           working-directory: './'
-          token: ${{ secrets.NPM_TOKEN }}
           createRelease: 'false'
 
   get-build:

.github/workflows/production-release.yml

@@ -24,6 +24,5 @@ jobs:
           tag: latest
           version: ${{ inputs.version }}
           working-directory: './'
-          token: ${{ secrets.NPM_TOKEN }}
           createRelease: true
           ghToken: ${{ secrets.IONITRON_TOKEN }}

.github/workflows/release-orchestrator.yml

@@ -19,6 +19,10 @@ on:
                     - minor
                     - major
 
+permissions:
+  id-token: write
+  contents: read
+
 jobs:
     run-dev:
         if: ${{ inputs.release-type == 'dev' }}
@@ -30,4 +34,4 @@ jobs:
         uses: ./.github/workflows/production-release.yml
         secrets: inherit
         with:
-            version: ${{ inputs.version }}
+            version: ${{ inputs.version }}